Re: [opensc-devel] Changing Admin PIN on PIV card

[Ravneet Singh Khalsa]

C_SetPIN does not change Admin PIN.

-Original Message-
From: helpcrypto helpcrypto helpcry...@gmail.com
Sent: ‎12/‎11/‎2012 11:43 PM
To: Ravneet Singh Khalsa rsi...@quantumsecure.com
Cc: opensc-devel@lists.opensc-project.org 
opensc-devel@lists.opensc-project.org
Subject: Re: [opensc-devel] Changing Admin PIN on PIV card

pkcs11's C_SetPin ?

On Wed, Dec 12, 2012 at 3:06 AM, Ravneet Singh Khalsa
rsi...@quantumsecure.com wrote:
 Hi,



 Does there any tool or API exists to change Admin PIN on Gemalto PIV Cards ?



 Thanks.




 ___
 opensc-devel mailing list
 opensc-devel@lists.opensc-project.org
 http://www.opensc-project.org/mailman/listinfo/opensc-devel
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Changing Admin PIN on PIV card

[Ravneet Singh Khalsa]

Hi Douglas,

Thanks for your suggestion. I tried the following command.

piv-tool -s 00:2C:00:81:10:31:32:33:34:FF:FF:FF:FF:31:31:31:31:FF:FF:FF:FF
(changing Admin Pin from 1234 to )

It didn't work for me. The output of the command above is attached. See if
there is something that you can figure out.

Thanks.


-Original Message-
From: opensc-devel-boun...@lists.opensc-project.org
[mailto:opensc-devel-boun...@lists.opensc-project.org] On Behalf Of Douglas
E. Engert
Sent: Wednesday, December 12, 2012 7:31 AM
To: opensc-devel@lists.opensc-project.org
Subject: Re: [opensc-devel] Changing Admin PIN on PIV card



On 12/11/2012 8:06 PM, Ravneet Singh Khalsa wrote:
 Hi,

 Does there any tool or API exists to change Admin PIN on Gemalto PIV Cards
?

If the card is following NIST 800-73-3 The piv-tool can do it.

800-73 leaves a lot of card management commands up to the vendor, so check
the vendor docs on this and what is the initial PUK. The PUK is not used be
the end user, and some commands to the card may require the global pin vs
the PIV application PIN or PUK as defined in 800-73-3.


  piv-tool  -s 00:2C:00:81:10:$OLDPUK:$NEWPUK

Where $OLDPUK is the current and $NEWPUK is the new one Both are hex
representation of the numbers padded to 8 with FF

So to change from 1234567 to 112233
  piv-tool  -s
00:2C:00:81:10:31:32:33:34:35:36:37:ff:31:31:32:32:33:33:ff:ff

On some cards the previous PUK may have been all hex zeros.

The attached  script could be used. It is assuming a $1 parameter that is a
card number ($CARDN) that is used to look up information about the card,
such as the previous PUK in ./cards/$CARDN/



 Thanks.



 ___
 opensc-devel mailing list
 opensc-devel@lists.opensc-project.org
 http://www.opensc-project.org/mailman/listinfo/opensc-devel


-- 

  Douglas E. Engert  deeng...@anl.gov
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
Received (SW1=0x00, SW2=0x00):
90 22 D2 FA FE 07 00 00 58 01 48 00 00 00 00 00 ...X.H.
00 00 00 00 00 00 00 00 30 02 48 00 00 00 00 00 0.H.
B0 C0 74 FE FE 07 00 00 A0 C3 74 FE FE 07 00 00 ..t...t.
D0 C1 74 FE FE 07 00 00 00 00 49 00 00 00 00 00 ..t...I.
70 CD 74 FE FE 07 00 00 30 02 48 00 00 00 00 00 p.t.0.H.
00 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 D0 DC 22 00 00 00 00 00 ...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
D0 DD 22 00 00 00 00 00 1B 00 00 00 00 00 00 00 ...
B8 DC 22 00 00 00 00 00 00 01 00 00 00 00 00 00 ...
80 4F 76 FE FE 07 00 00 00 6B 51 00 00 00 00 00 .Ov..kQ.
B0 DB 22 00 00 00 00 00 F0 DC 22 00 00 00 00 00 ..
00 00 00 00 00 00 00 00 68 02 48 00 00 00 00 00 h.H.
00 00 00 00 00 00 00 00 70 02 48 00 00 00 00 00 p.H.
B0 4D 50 00 00 00 00 00 3C 33 D1 FA FE 07 00 00 .MP.3..
00 00 00 00 00 00 00 00 30 02 48 00 00 00 00 00 0.H.
E0 7C 30 00 00 00 00 00 80 00 49 00 00 00 00 00 .|0...I.
30 02 48 00 00 00 00 00 74 02 49 00 00 00 00 00 0.H.t.I.
60 05 49 00 00 00 00 00 10 37 D2 FA FE 07 00 00 `.I..7..
00 00 00 00 00 00 00 00 01 01 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 1B 00 00 00 00 00 00 00 
4D 00 00 4D 00 00 4D 00 00 00 02 00 00 00 4D 00 M..M..M...M.
20 00 00 00 00 00 00 00 4D 00 48 00 00 00 00 00  ...M.H.
00 6B 51 00 00 00 00 00 16 00 00 00 00 00 00 00 .kQ.
00 00 00 00 00 00 00 00 03 00 00 00 4D 00 00 00 M...
00 00 00 00 00 00 00 00 1B 00 00 00 00 00 00 00 
06 00 DA 00 33 00 00 00 70 04 49 00 00 00 00 00 3...p.I.
00 00 00 00 00 00 00 00 01 01 51 00 00 00 00 00 ..Q.
00 00 00 00 00 00 00 00 2C 00 00 00 00 00 00 00 ,...
02 00 00 02 00 00 4D 00 00 00 02 00 00 00 4D 00 ..M...M.
00 6B 51 00 00 00 00 00 4D 00 00 0B 00 00 00 00 .kQ.M...
00 6B 51 00 00 00 00 00 F0 76 50 00 00 00 00 00 .kQ..vP.
00 00 00 00 00 00 00 00 03 00 00 00 4D 00 00 00 M...
F0 4B 30 00 00 00 00 00 2C 00 00 00 00 00 00 00 .K0.,...
4D 00 00 00 1B 00 00 00 32 F3 6B FE FE 07 00 00 M...2.k.
80 00 00 00 00 00 00 00 00 6B 51 00 00 00 00 00 .kQ.
30 02 48 00 00 00 00 00 30 02 48 00 00 00 00 00 0.H.0.H.
78 03 48 00 00 00 00 00 70 02 48 00 00 00 00 00 x.H.p.H.
B0 9B 30 00 00 00 00 00 1B 00 00 1B 00 00 00 00 ..0.
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
9F DF A4 E6 D3 D8 00 00 6A EF 6B FE FE 07 00 00 j.k.
00 00 00 00 26 00 00 00 10 E2 22 00 00 00 00 00 ..
00 00 00 00 00 00 00 40 00 00 67 FE FE 07 00 00 ...@..g.
B0 4B 30 00 00 00 00 00 50 DF 22 00 00 00 00 00 .K0.P..
D8 9C 30 00 00 00 00 00 00 00 00 00 00 00 00 00 ..0.
B0

[opensc-devel] Changing Admin PIN on PIV card

[Ravneet Singh Khalsa]

Hi,

 

Does there any tool or API exists to change Admin PIN on Gemalto PIV Cards ?

 

Thanks.

 

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] PIV-tool in windows environment

[Ravneet Singh Khalsa]

Hello experts,

 

I am considering using PIV-tool for certificate enrollment for PIV cards for
my company. I am following the instructions specified in the link
http://www.opensc-project.org/opensc/wiki/PivTool. I have downloaded the
opensc-i686-w64-mingw32-011-base build on my windows 7 client machine. The
instructions on the above link looks like UNIX instructions. Can I get
equivalent windows instructions ? I was able to generate public key using
piv-tool, but I could not generate certificate request using SSL. Is there
equivalent command for Windows specific environment ? 

 

The command seems to be pointing to engine_pkcs11.so and opensc-pkcs11.so
files. I couldn't find these files anywhere.

 

Any help would be appreciated.

 

Thanks,

Ravneet

 

I am a programmer and I understand only programming languages.

 

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel